search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update.
[glibc.git] / sunrpc / svcauth_des.c
blob4530066a458fa2fe58edb01362c9ad7f6e596e90
1 /*
2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3 * unrestricted use provided that this legend is included on all tape
4 * media and as a part of the software program in whole or part. Users
5 * may copy or modify Sun RPC without charge, but are not authorized
6 * to license or distribute it to anyone else except as part of a product or
7 * program developed by the user.
8 *
9 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12 *
13 * Sun RPC is provided with no support and without any obligation on the
14 * part of Sun Microsystems, Inc. to assist in its use, correction,
15 * modification or enhancement.
16 *
17 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19 * OR ANY PART THEREOF.
20 *
21 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22 * or profits or other special, indirect and consequential damages, even if
23 * Sun has been advised of the possibility of such damages.
24 *
25 * Sun Microsystems, Inc.
26 * 2550 Garcia Avenue
27 * Mountain View, California 94043
28 */
29 /*
30 * Copyright (c) 1988 by Sun Microsystems, Inc.
31 */
32 /*
33 * svcauth_des.c, server-side des authentication
34 *
35 * We insure for the service the following:
36 * (1) The timestamp microseconds do not exceed 1 million.
37 * (2) The timestamp plus the window is less than the current time.
38 * (3) The timestamp is not less than the one previously
39 * seen in the current session.
40 *
41 * It is up to the server to determine if the window size is
42 * too small .
43 *
44 */
45
46 #include <string.h>
47 #include <sys/param.h>
48 #include <netinet/in.h>
49 #include <rpc/rpc.h>
50 #include <rpc/xdr.h>
51 #include <rpc/auth.h>
52 #include <rpc/auth_des.h>
53 #include <rpc/svc_auth.h>
54 #include <rpc/svc.h>
55 #include <rpc/des_crypt.h>
56
57 #define debug(msg) /*printf("svcauth_des: %s\n", msg) */
58
59 #define USEC_PER_SEC ((uint32_t) 1000000L)
60 #define BEFORE(t1, t2) timercmp(t1, t2, <)
61
62 /*
63 * LRU cache of conversation keys and some other useful items.
64 */
65 #define AUTHDES_CACHESZ 64
66 struct cache_entry
67 {
68 des_block key; /* conversation key */
69 char *rname; /* client's name */
70 u_int window; /* credential lifetime window */
71 struct rpc_timeval laststamp; /* detect replays of creds */
72 char *localcred; /* generic local credential */
73 };
74 #ifdef _RPC_THREAD_SAFE_
75 #define authdes_cache ((struct cache_entry *)RPC_THREAD_VARIABLE(authdes_cache_s))
76 #define authdes_lru ((int *)RPC_THREAD_VARIABLE(authdes_lru_s))
77 #else
78 static struct cache_entry *authdes_cache;
79 static int *authdes_lru;
80 #endif
81
82 static void cache_init (void) internal_function; /* initialize the cache */
83 static short cache_spot (des_block *, char *, struct rpc_timeval *)
84 internal_function; /* find an entry in the cache */
85 static void cache_ref (uint32_t sid) internal_function;
86 /* note that sid was ref'd */
87
88 static void invalidate (char *cred) internal_function;
89 /* invalidate entry in cache */
90
91 /*
92 * cache statistics
93 */
94 struct
95 {
96 u_long ncachehits; /* times cache hit, and is not replay */
97 u_long ncachereplays; /* times cache hit, and is replay */
98 u_long ncachemisses; /* times cache missed */
99 }
100 svcauthdes_stats;
101
102 /*
103 * Service side authenticator for AUTH_DES
104 */
105 enum auth_stat
106 _svcauth_des (register struct svc_req *rqst, register struct rpc_msg *msg)
107 {
108 register uint32_t *ixdr;
109 des_block cryptbuf[2];
110 register struct authdes_cred *cred;
111 struct authdes_verf verf;
112 int status;
113 register struct cache_entry *entry;
114 uint32_t sid = 0;
115 des_block *sessionkey;
116 des_block ivec;
117 u_int window;
118 struct rpc_timeval timestamp;
119 uint32_t namelen;
120 struct area
121 {
122 struct authdes_cred area_cred;
123 char area_netname[MAXNETNAMELEN + 1];
124 }
125 *area;
126
127 if (authdes_cache == NULL)
128 cache_init ();
129 if (authdes_cache == NULL) /* No free memory */
130 return AUTH_FAILED;
131
132 area = (struct area *) rqst->rq_clntcred;
133 cred = (struct authdes_cred *) &area->area_cred;
134
135 /*
136 * Get the credential
137 */
138 if (msg->rm_call.cb_cred.oa_length <= 0 ||
139 msg->rm_call.cb_cred.oa_length > MAX_AUTH_BYTES)
140 return AUTH_BADCRED;
141
142 ixdr = (uint32_t *) msg->rm_call.cb_cred.oa_base;
143 cred->adc_namekind = IXDR_GET_ENUM (ixdr, enum authdes_namekind);
144 switch (cred->adc_namekind)
145 {
146 case ADN_FULLNAME:
147 namelen = IXDR_GET_U_INT32 (ixdr);
148 if (namelen > MAXNETNAMELEN)
149 {
150 return AUTH_BADCRED;
151 }
152 cred->adc_fullname.name = area->area_netname;
153 bcopy ((char *) ixdr, cred->adc_fullname.name, namelen);
154 cred->adc_fullname.name[namelen] = 0;
155 ixdr += (RNDUP (namelen) / BYTES_PER_XDR_UNIT);
156 cred->adc_fullname.key.key.high = *ixdr++;
157 cred->adc_fullname.key.key.low = *ixdr++;
158 cred->adc_fullname.window = *ixdr++;
159 break;
160 case ADN_NICKNAME:
161 cred->adc_nickname = *ixdr++;
162 break;
163 default:
164 return AUTH_BADCRED;
165 }
166
167 /*
168 * Get the verifier
169 */
170 if (msg->rm_call.cb_verf.oa_length <= 0 ||
171 msg->rm_call.cb_verf.oa_length > MAX_AUTH_BYTES)
172 return AUTH_BADCRED;
173
174 ixdr = (uint32_t *) msg->rm_call.cb_verf.oa_base;
175 verf.adv_xtimestamp.key.high = *ixdr++;
176 verf.adv_xtimestamp.key.low = *ixdr++;
177 verf.adv_int_u = *ixdr++;
178
179 /*
180 * Get the conversation key
181 */
182 if (cred->adc_namekind == ADN_FULLNAME)
183 {
184 netobj pkey;
185 char pkey_data[1024];
186
187 sessionkey = &cred->adc_fullname.key;
188 if (!getpublickey (cred->adc_fullname.name, pkey_data))
189 {
190 debug("getpublickey");
191 return AUTH_BADCRED;
192 }
193 pkey.n_bytes = pkey_data;
194 pkey.n_len = strlen (pkey_data) + 1;
195 if (key_decryptsession_pk (cred->adc_fullname.name, &pkey,
196 sessionkey) < 0)
197 {
198 debug ("decryptsessionkey");
199 return AUTH_BADCRED; /* key not found */
200 }
201 }
202 else
203 { /* ADN_NICKNAME */
204 if (cred->adc_nickname >= AUTHDES_CACHESZ)
205 {
206 debug ("bad nickname");
207 return AUTH_BADCRED; /* garbled credential */
208 }
209 else
210 sid = cred->adc_nickname;
211
212 /* XXX This could be wrong, but else we have a
213 security problem */
214 if (authdes_cache[sid].rname == NULL)
215 return AUTH_BADCRED;
216 sessionkey = &authdes_cache[sid].key;
217 }
218
219
220 /*
221 * Decrypt the timestamp
222 */
223 cryptbuf[0] = verf.adv_xtimestamp;
224 if (cred->adc_namekind == ADN_FULLNAME)
225 {
226 cryptbuf[1].key.high = cred->adc_fullname.window;
227 cryptbuf[1].key.low = verf.adv_winverf;
228 ivec.key.high = ivec.key.low = 0;
229 status = cbc_crypt ((char *) sessionkey, (char *) cryptbuf,
230 2 * sizeof (des_block), DES_DECRYPT | DES_HW,
231 (char *) &ivec);
232 }
233 else
234 status = ecb_crypt ((char *) sessionkey, (char *) cryptbuf,
235 sizeof (des_block), DES_DECRYPT | DES_HW);
236
237 if (DES_FAILED (status))
238 {
239 debug ("decryption failure");
240 return AUTH_FAILED; /* system error */
241 }
242
243 /*
244 * XDR the decrypted timestamp
245 */
246 ixdr = (uint32_t *) cryptbuf;
247 timestamp.tv_sec = IXDR_GET_INT32 (ixdr);
248 timestamp.tv_usec = IXDR_GET_INT32 (ixdr);
249
250 /*
251 * Check for valid credentials and verifiers.
252 * They could be invalid because the key was flushed
253 * out of the cache, and so a new session should begin.
254 * Be sure and send AUTH_REJECTED{CRED, VERF} if this is the case.
255 */
256 {
257 struct timeval current;
258 int nick;
259 u_int winverf;
260
261 if (cred->adc_namekind == ADN_FULLNAME)
262 {
263 short tmp_spot;
264
265 window = IXDR_GET_U_INT32 (ixdr);
266 winverf = IXDR_GET_U_INT32 (ixdr);
267 if (winverf != window - 1)
268 {
269 debug ("window verifier mismatch");
270 return AUTH_BADCRED; /* garbled credential */
271 }
272 tmp_spot = cache_spot (sessionkey, cred->adc_fullname.name,
273 &timestamp);
274 if (tmp_spot < 0 || tmp_spot > AUTHDES_CACHESZ)
275 {
276 debug ("replayed credential");
277 return AUTH_REJECTEDCRED; /* replay */
278 }
279 sid = tmp_spot;
280 nick = 0;
281 }
282 else
283 { /* ADN_NICKNAME */
284 window = authdes_cache[sid].window;
285 nick = 1;
286 }
287
288 if (timestamp.tv_usec >= USEC_PER_SEC)
289 {
290 debug ("invalid usecs");
291 /* cached out (bad key), or garbled verifier */
292 return nick ? AUTH_REJECTEDVERF : AUTH_BADVERF;
293 }
294 if (nick && BEFORE (&timestamp, &authdes_cache[sid].laststamp))
295 {
296 debug ("timestamp before last seen");
297 return AUTH_REJECTEDVERF; /* replay */
298 }
299 __gettimeofday (&current, (struct timezone *) NULL);
300 current.tv_sec -= window; /* allow for expiration */
301 if (!BEFORE (&current, &timestamp))
302 {
303 debug ("timestamp expired");
304 /* replay, or garbled credential */
305 return nick ? AUTH_REJECTEDVERF : AUTH_BADCRED;
306 }
307 }
308
309 /*
310 * Set up the reply verifier
311 */
312 verf.adv_nickname = sid;
313
314 /*
315 * xdr the timestamp before encrypting
316 */
317 ixdr = (int32_t *) cryptbuf;
318 IXDR_PUT_INT32 (ixdr, timestamp.tv_sec - 1);
319 IXDR_PUT_INT32 (ixdr, timestamp.tv_usec);
320
321 /*
322 * encrypt the timestamp
323 */
324 status = ecb_crypt ((char *) sessionkey, (char *) cryptbuf,
325 sizeof (des_block), DES_ENCRYPT | DES_HW);
326 if (DES_FAILED (status))
327 {
328 debug ("encryption failure");
329 return AUTH_FAILED; /* system error */
330 }
331 verf.adv_xtimestamp = cryptbuf[0];
332
333 /*
334 * Serialize the reply verifier, and update rqst
335 */
336 ixdr = (uint32_t *) msg->rm_call.cb_verf.oa_base;
337 *ixdr++ = verf.adv_xtimestamp.key.high;
338 *ixdr++ = verf.adv_xtimestamp.key.low;
339 *ixdr++ = verf.adv_int_u;
340
341 rqst->rq_xprt->xp_verf.oa_flavor = AUTH_DES;
342 rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
343 rqst->rq_xprt->xp_verf.oa_length =
344 (char *) ixdr - msg->rm_call.cb_verf.oa_base;
345
346 /*
347 * We succeeded, commit the data to the cache now and
348 * finish cooking the credential.
349 */
350 entry = &authdes_cache[sid];
351 entry->laststamp = timestamp;
352 cache_ref (sid);
353 if (cred->adc_namekind == ADN_FULLNAME)
354 {
355 size_t full_len;
356
357 cred->adc_fullname.window = window;
358 cred->adc_nickname = sid; /* save nickname */
359 if (entry->rname != NULL)
360 mem_free (entry->rname, strlen (entry->rname) + 1);
361 full_len = strlen (cred->adc_fullname.name) + 1;
362 entry->rname = mem_alloc ((u_int) full_len);
363 if (entry->rname != NULL)
364 memcpy (entry->rname, cred->adc_fullname.name, full_len);
365 else
366 {
367 debug ("out of memory");
368 return AUTH_FAILED; /* out of memory is bad */
369 }
370 entry->key = *sessionkey;
371 entry->window = window;
372 invalidate (entry->localcred); /* mark any cached cred invalid */
373 }
374 else
375 { /* ADN_NICKNAME */
376 /*
377 * nicknames are cooked into fullnames
378 */
379 cred->adc_namekind = ADN_FULLNAME;
380 cred->adc_fullname.name = entry->rname;
381 cred->adc_fullname.key = entry->key;
382 cred->adc_fullname.window = entry->window;
383 }
384 return AUTH_OK; /* we made it! */
385 }
386
387
388 /*
389 * Initialize the cache
390 */
391 static void
392 internal_function
393 cache_init (void)
394 {
395 register int i;
396
397 authdes_cache = (struct cache_entry *)
398 mem_alloc (sizeof (struct cache_entry) * AUTHDES_CACHESZ);
399 if (authdes_cache == NULL)
400 return;
401 __bzero ((char *) authdes_cache,
402 sizeof (struct cache_entry) * AUTHDES_CACHESZ);
403
404 authdes_lru = (int *) mem_alloc (sizeof (int) * AUTHDES_CACHESZ);
405 /*
406 * Initialize the lru list
407 */
408 for (i = 0; i < AUTHDES_CACHESZ; ++i)
409 authdes_lru[i] = i;
410 }
411
412
413 /*
414 * Find the lru victim
415 */
416 static short
417 cache_victim (void)
418 {
419 return authdes_lru[AUTHDES_CACHESZ - 1];
420 }
421
422 /*
423 * Note that sid was referenced
424 */
425 static void
426 internal_function
427 cache_ref (register uint32_t sid)
428 {
429 register int i;
430 register int curr;
431 register int prev;
432
433 prev = authdes_lru[0];
434 authdes_lru[0] = sid;
435 for (i = 1; prev != sid; ++i)
436 {
437 curr = authdes_lru[i];
438 authdes_lru[i] = prev;
439 prev = curr;
440 }
441 }
442
443 /*
444 * Find a spot in the cache for a credential containing
445 * the items given. Return -1 if a replay is detected, otherwise
446 * return the spot in the cache.
447 */
448 static short
449 internal_function
450 cache_spot (register des_block *key, char *name,
451 struct rpc_timeval *timestamp)
452 {
453 register struct cache_entry *cp;
454 register int i;
455 register uint32_t hi;
456
457 hi = key->key.high;
458 for (cp = authdes_cache, i = 0; i < AUTHDES_CACHESZ; ++i, ++cp)
459 {
460 if (cp->key.key.high == hi &&
461 cp->key.key.low == key->key.low &&
462 cp->rname != NULL &&
463 memcmp (cp->rname, name, strlen (name) + 1) == 0)
464 {
465 if (BEFORE (timestamp, &cp->laststamp))
466 {
467 ++svcauthdes_stats.ncachereplays;
468 return -1; /* replay */
469 }
470 ++svcauthdes_stats.ncachehits;
471 return i; /* refresh */
472 }
473 }
474 ++svcauthdes_stats.ncachemisses;
475 return cache_victim (); /* new credential */
476 }
477
478 /*
479 * Local credential handling stuff.
480 * NOTE: bsd unix dependent.
481 * Other operating systems should put something else here.
482 */
483 #define UNKNOWN -2 /* grouplen, if cached cred is unknown user */
484 #define INVALID -1 /* grouplen, if cache entry is invalid */
485
486 struct bsdcred
487 {
488 uid_t uid; /* cached uid */
489 gid_t gid; /* cached gid */
490 short grouplen; /* length of cached groups */
491 gid_t groups[NGROUPS]; /* cached groups */
492 };
493
494 /*
495 * Map a des credential into a unix cred.
496 * We cache the credential here so the application does
497 * not have to make an rpc call every time to interpret
498 * the credential.
499 */
500 int
501 authdes_getucred (const struct authdes_cred *adc, uid_t * uid, gid_t * gid,
502 short *grouplen, gid_t * groups)
503 {
504 unsigned sid;
505 register int i;
506 uid_t i_uid;
507 gid_t i_gid;
508 int i_grouplen;
509 struct bsdcred *cred;
510
511 sid = adc->adc_nickname;
512 if (sid >= AUTHDES_CACHESZ)
513 {
514 debug ("invalid nickname");
515 return 0;
516 }
517 cred = (struct bsdcred *) authdes_cache[sid].localcred;
518 if (cred == NULL)
519 {
520 cred = (struct bsdcred *) mem_alloc (sizeof (struct bsdcred));
521 authdes_cache[sid].localcred = (char *) cred;
522 cred->grouplen = INVALID;
523 }
524 if (cred->grouplen == INVALID)
525 {
526 /*
527 * not in cache: lookup
528 */
529 if (!netname2user (adc->adc_fullname.name, &i_uid, &i_gid,
530 &i_grouplen, groups))
531 {
532 debug ("unknown netname");
533 cred->grouplen = UNKNOWN; /* mark as lookup up, but not found */
534 return 0;
535 }
536 debug ("missed ucred cache");
537 *uid = cred->uid = i_uid;
538 *gid = cred->gid = i_gid;
539 *grouplen = cred->grouplen = i_grouplen;
540 for (i = i_grouplen - 1; i >= 0; --i)
541 cred->groups[i] = groups[i]; /* int to short */
542 return 1;
543 }
544 else if (cred->grouplen == UNKNOWN)
545 {
546 /*
547 * Already lookup up, but no match found
548 */
549 return 0;
550 }
551
552 /*
553 * cached credentials
554 */
555 *uid = cred->uid;
556 *gid = cred->gid;
557 *grouplen = cred->grouplen;
558 for (i = cred->grouplen - 1; i >= 0; --i)
559 groups[i] = cred->groups[i]; /* short to int */
560 return 1;
561 }
562
563 static void
564 internal_function
565 invalidate (char *cred)
566 {
567 if (cred == NULL)
568 return;
569 ((struct bsdcred *) cred)->grouplen = INVALID;
570 }
sources.redhat.com git mirror of glibc CVS